We have already published a guide describing how to set up a centralized Rsyslog server on CentOS. In this guide, we discuss what Logrotate is, how to install it, and how to manage log files with it on Linux.
What is Logrotate?
As its name implies, Logrotate rotates logs out of your system at regular intervals. It also allows automatic rotation, compression, removal, and mailing of log files.
The logrotate utility can handle each log file hourly, daily, weekly, monthly, or when it reaches a certain size.
Logrotate simplifies the administration of log files and is especially useful on systems that produce a large volume of log files every day.
Install Logrotate in Linux
Logrotate is available in the default repositories of most Linux distributions.
To install logrotate in Alpine Linux, run:
$ sudo apk add logrotate
To install logrotate in Arch Linux and its variants such as EndeavourOS and Manjaro Linux, run the following command:
$ sudo pacman -S logrotate
To install logrotate in RPM based systems such as Fedora, RHEL, CentOS, CentOS Stream, AlmaLinux and Rocky Linux, run:
$ sudo dnf install logrotate
On older RHEL and CentOS systems, use yum instead of dnf to install logrotate:
$ sudo yum install logrotate
To install logrotate in Debian, Ubuntu and Ubuntu derivatives such as Elementary OS, Linux Mint, and Pop!_OS, run the following command:
$ sudo apt install logrotate
Logrotate can be installed on SUSE and openSUSE systems using the following command:
$ sudo zypper install logrotate
Compile and Install Logrotate from Source
Make sure you have installed the development tools on your Linux system. Refer to the following link to learn how to install development tools on various Linux distributions.
Download the latest logrotate tarball from the releases page. As of writing this guide, the latest version was 3.21.0. Let us download it into the current directory using wget:
$ wget https://github.com/logrotate/logrotate/releases/download/3.21.0/logrotate-3.21.0.tar.gz
Let us extract the downloaded tarball:
$ tar xvzf logrotate-3.21.0.tar.gz
This will extract the contents of the tarball into a directory named logrotate-3.21.0. Cd into that directory:
$ cd logrotate-3.21.0
Next, run the following command:
$ ./configure
If you encounter the following error:
configure: error: libpopt required but not found
Install libpopt-dev in Debian-based systems:
$ sudo apt install libpopt-dev
In RPM-based systems, install the popt-devel package:
$ sudo dnf install popt-devel
And then, re-run the ./configure command:
$ ./configure
Finally, install logrotate using the following commands:
$ make
$ sudo make install
Manage Log Files using Logrotate
The main configuration file of LogRotate is /etc/logrotate.conf.
Here are the default contents of this file on my Fedora Linux system.
    # see "man logrotate" for details

    # global options do not affect preceding include directives

    # rotate log files weekly
    weekly

    # keep 4 weeks worth of backlogs
    rotate 4

    # create new (empty) log files after rotating old ones
    create

    # use date as a suffix of the rotated file
    dateext

    # uncomment this if you want your log files compressed
    #compress

    # packages drop log rotation information into this directory
    include /etc/logrotate.d

    # system-specific logs may also be configured here.
The output might look a bit different on other Linux distributions. For example, my old Arch Linux box's logrotate.conf file has different contents.
$ cat /etc/logrotate.conf
    # see "man logrotate" for details
    # rotate log files weekly
    weekly

    # keep 4 weeks worth of backlogs
    rotate 4

    # restrict maximum size of log files
    #size 20M

    # create new (empty) log files after rotating old ones
    create

    # uncomment this if you want your log files compressed
    #compress

    # Logs are moved into directory for rotation
    # olddir /var/log/archive

    # Ignore pacman saved files
    tabooext + .pacorig .pacnew .pacsave

    # Arch packages drop log rotation information into this directory
    include /etc/logrotate.d

    /var/log/wtmp {
        monthly
        create 0664 root utmp
        minsize 1M
        rotate 1
    }

    /var/log/btmp {
        missingok
        monthly
        create 0600 root utmp
        rotate 1
    }
Let us see what each option does in the above configuration file.
- weekly - Rotates the logs every week.
- rotate 4 - Keeps four weeks' (one month's) worth of log files. Because logs are rotated out after this period, keep a backup of important log files if you don't want to lose them.
- size 20M - Rotates a log file once it reaches 20 MB. This option is disabled (commented out) by default. To enable it, just uncomment it.
- create - Creates a new, empty log file after rotating the old one. This option is enabled by default.
- compress - Compresses the rotated log files. Logs are not compressed by default. If you want to compress them, uncomment this line.
- /etc/logrotate.d/ - This directory contains application-specific log rule files.
- missingok - If the log file is missing, Logrotate goes on to the next one without issuing an error message.
Logrotate rotates and compresses the log files according to the rules specified under the /etc/logrotate.d/ directory.
Let us take a look at this directory's contents.
$ ls /etc/logrotate.d/
Sample Output:
    bootlog  chrony  firewalld  httpd        libvirtd       numad  psacct  sssd            wtmp
    btmp     dnf     glusterfs  iscsiuiolog  libvirtd.qemu  ppp    samba   wpa_supplicant
As you see in the above output, it contains various rules files for all logs managed by Logrotate.
To view a specific application's log rule, for example samba, run:
$ cat /etc/logrotate.d/samba
Sample Output:
    /var/log/samba/log.smbd /var/log/samba/log.nmbd /var/log/samba/*.log {
        notifempty
        missingok
        sharedscripts
        copytruncate
        postrotate
            /bin/kill -HUP `cat /var/run/samba/*.pid 2>/dev/null` 2>/dev/null || true
        endscript
    }
Here,
- notifempty - The log file is not rotated if it is empty.
- copytruncate - Truncates the original log file in place after creating a copy. Data written between the copy and the truncate can be lost.
- sharedscripts - The scripts are run only once, no matter how many logs match the wildcard pattern.
- postrotate/endscript - The lines between postrotate and endscript are executed after the log file is rotated.
You can also create your own rule files in the /etc/logrotate.d/ directory and define your own rules.
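A custom rule file of the kind described above, written to a scratch directory and checked in dry-run mode. This is an added example, not part of the original guide; the myapp service, the /var/log/myapp/ and /run/myapp.pid paths and the function names write_myapp_rule and check_rule are assumptions.

```shell
#!/bin/sh
# Added example: write a rule file for a hypothetical "myapp" service and
# validate it in dry-run mode. Paths and names below are placeholders.

# write_myapp_rule DIR: create DIR/myapp and print its path.
write_myapp_rule() {
    rule="$1/myapp"
    cat > "$rule" <<'EOF'
/var/log/myapp/*.log {
    weekly
    rotate 4
    missingok
    notifempty
    compress
    delaycompress
    # new log after rotation: owner rw, group r, no access for others
    create 0640 root root
    sharedscripts
    postrotate
        /bin/kill -HUP "$(cat /run/myapp.pid 2>/dev/null)" 2>/dev/null || true
    endscript
}
EOF
    # logrotate skips rule files that are writable by group or others
    chmod 0644 "$rule"
    printf '%s\n' "$rule"
}

# check_rule FILE: parse FILE with -d (debug: nothing is rotated) and a
# private state file (-s) so the system state file is not read or written.
check_rule() {
    if ! command -v logrotate >/dev/null 2>&1; then
        echo "logrotate is not installed" >&2
        return 2
    fi
    logrotate -d -s "$(dirname "$1")/logrotate.state" "$1"
}
```

Once check_rule reports no errors, copy the file to /etc/logrotate.d/ as root so that the include directive in /etc/logrotate.conf picks it up.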
Cron Configuration
Cron runs the logrotate utility daily in search of log files to rotate. You can specify automatic log rotation rules in the /etc/cron.daily/logrotate file to avoid manual user intervention.
$ cat /etc/cron.daily/logrotate
    #!/bin/sh

    # skip in favour of systemd timer
    if [ -d /run/systemd/system ]; then
        exit 0
    fi

    # this cronjob persists removals (but not purges)
    if [ ! -x /usr/sbin/logrotate ]; then
        exit 0
    fi

    /usr/sbin/logrotate /etc/logrotate.conf
    EXITVALUE=$?
    if [ $EXITVALUE != 0 ]; then
        /usr/bin/logger -t logrotate "ALERT exited abnormally with [$EXITVALUE]"
    fi
    exit $EXITVALUE
It will perform the log rotation every single day at a specific time.
Check Logrotate Status
To verify whether the log files are being rotated, check the logrotate.status file:
$ sudo cat /var/lib/logrotate/logrotate.status
Sample Output:
    logrotate state -- version 2
    "/var/log/glusterfs/snaps/*/*.log" 2022-11-29-14:0:0
    "/var/log/firewalld" 2022-11-29-14:0:0
    "/var/log/boot.log" 2023-4-7-16:10:29
    "/var/log/hawkey.log" 2023-4-7-16:10:29
    "/var/log/glusterfs/*.log" 2022-11-29-14:0:0
    "/var/log/httpd/*log" 2022-11-29-14:0:0
    "/var/log/chrony/*.log" 2022-11-29-14:0:0
    "/var/log/wtmp" 2022-11-29-14:0:0
    "/var/log/btmp" 2023-4-7-16:10:29
    "/var/log/glusterfs/samples/*.samp" 2022-11-29-14:0:0
    "/var/log/iscsiuio.log" 2022-11-29-14:0:0
    "/var/log/libvirt/libvirtd.log" 2022-11-29-14:0:0
    "/var/log/libvirt/qemu/*.log" 2022-11-29-14:0:0
    "/var/log/sssd/sssd_kcm.log" 2023-4-7-16:10:29
    "/var/log/wpa_supplicant.log" 2022-11-29-14:0:0
    "/var/log/glusterfs/bricks/*.log" 2022-11-29-14:0:0
    "/var/log/numad.log" 2022-11-29-14:0:0
    "/var/log/ppp/connect-errors" 2022-11-29-14:0:0
    "/var/log/samba/log.*" 2022-11-29-14:0:0
    "/var/account/pacct" 2022-11-29-14:0:0
In some older Linux distributions, this file's location might be different.
$ cat /var/lib/logrotate.status
Sample output:
    logrotate state -- version 2
    "/var/log/samba/log.smbd" 2022-5-12-11:0:0
    "/var/log/lircd" 2022-6-15-10:0:0
    "/var/log/httpd/*log" 2022-5-12-11:0:0
    "/var/log/wtmp" 2022-5-6-10:0:0
    "/var/log/samba/*.log" 2022-5-12-11:0:0
    "/var/log/btmp" 2023-4-1-11:36:53
    "/var/log/samba/log.nmbd" 2023-4-1-11:0:0
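A small check built on the state file format shown above: it lists every entry whose last recorded rotation is older than a cutoff date. This is an added example, not part of the original guide; the function names stale_logs and sample_state are assumptions, and the sample lines are copied from the Fedora output above.

```shell
#!/bin/sh
# Added example: report logs whose last recorded rotation predates a cutoff.

# sample_state: a few entries from the state file output shown in this guide.
sample_state() {
    cat <<'EOF'
logrotate state -- version 2
"/var/log/firewalld" 2022-11-29-14:0:0
"/var/log/boot.log" 2023-4-7-16:10:29
"/var/log/httpd/*log" 2022-11-29-14:0:0
"/var/log/btmp" 2023-4-7-16:10:29
EOF
}

# stale_logs STATE_FILE CUTOFF   (CUTOFF as YYYY-MM-DD, "-" reads stdin)
# Prints "<last-rotation-date> <log pattern>" for each entry older than CUTOFF.
# Assumes log paths contain no double quotes.
stale_logs() {
    awk -v cutoff="$2" '
        function ymd(s,   p) {              # "2023-4-7-..." -> 20230407
            split(s, p, "-")
            return p[1] * 10000 + p[2] * 100 + p[3]
        }
        BEGIN { limit = ymd(cutoff) }
        NR == 1 { next }                    # header: logrotate state -- version 2
        {
            # entry format: "<path or glob>" Y-M-D-H:M:S (fields not zero-padded)
            q = index(substr($0, 2), "\"")  # offset of the closing quote
            if (substr($0, 1, 1) != "\"" || q == 0) next
            path  = substr($0, 2, q - 1)
            stamp = substr($0, q + 3)
            if (ymd(stamp) < limit) {
                split(stamp, d, "-")
                printf "%04d-%02d-%02d %s\n", d[1], d[2], d[3], path
            }
        }
    ' "$1"
}

# Example: sample_state | stale_logs - 2023-01-01
```

An old date is not by itself a failure: an entry keeps its old timestamp when the log is skipped, for example an empty log under notifempty or an absent one under missingok.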
Getting Help
For more details, display logrotate's help by entering the following command:
$ logrotate --help
Also refer to the man pages:
$ man logrotate
Conclusion
Logrotate is a simple yet useful log rotation tool that simplifies log management. You don't need to deal with complex configuration and installation steps; everything is self-explanatory. If you're managing a system that produces a large number of log files, you can rotate the logs periodically using Logrotate on your Linux server.